|
||||||||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
Not a bug.
If it were a password box, there would be no way to get its current value, so that's impractical. (This isn't a use case with passwords to external systems, so there's no problem there)
Workaround: Don't assign Extended Read permissions on remotely triggerable projects to untrusted users. Trigger the job in question differently e.g. as downstream job from a non-ExtendedReadable, but remotely triggerable job, or using real HTTP auth (username + API token).